ubuntu-usn

USN-3868-1: Thunderbird vulnerabilities thunderbird vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Several security issues were fixed in Thunderbird. Software Description thunderbird – Mozilla Open Source mail and newsgroup client Details Multiple security issues were discovered in Thunderbird. If a user were tricked in to opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, bypass same-origin restrictions, or execute arbitrary code. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 thunderbird – 1:60.4.0+build2-0ubuntu0.18.10.1 Ubuntu 18.04 LTS thunderbird – 1:60.4.0+build2-0ubuntu0.18.04.1 Ubuntu 16.04 LTS thunderbird – 1:60.4.0+build2-0ubuntu0.16.04.1 Ubuntu 14.04 LTS thunderbird – 1:60.4.0+build2-0ubuntu0.14.04.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. After a standard [ more… ]

USN-3869-1: Subversion vulnerability subversion vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Summary Subversion could be made to crash if it received a specially crafted input. Software Description subversion – Advanced version control system Details Ivan Zhakov discovered that Subversion incorrectly handled certain inputs. An attacker could possibly use this issue to cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 libapache2-mod-svn – 1.10.0-2ubuntu2.1 libsvn1 – 1.10.0-2ubuntu2.1 subversion – 1.10.0-2ubuntu2.1 To update your system, please follow these instructions: https://wiki.ubuntu.com/Security/Upgrades. In general, a standard system update will make all the necessary changes. References CVE-2018-11803 Source: USN-3869-1: Subversion vulnerability

USN-3867-1: MySQL vulnerabilities mysql-5.7 vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Summary Several security issues were fixed in MySQL. Software Description mysql-5.7 – MySQL database Details Multiple security issues were discovered in MySQL and this update includes a new upstream MySQL version to fix these issues. Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 18.10 have been updated to MySQL 5.7.25. In addition to security fixes, the updated packages contain bug fixes, new features, and possibly incompatible changes. Please see the following for more information: http://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-25.html https://www.oracle.com/technetwork/security-advisory/cpujan2019-5072801.html Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 mysql-server-5.7 – 5.7.25-0ubuntu0.18.10.2 Ubuntu 18.04 LTS mysql-server-5.7 – 5.7.25-0ubuntu0.18.04.2 Ubuntu 16.04 LTS mysql-server-5.7 – 5.7.25-0ubuntu0.16.04.2 To update your system, please follow these [ more… ]

USN-3866-1: Ghostscript vulnerability ghostscript vulnerability A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 18.10 Ubuntu 18.04 LTS Ubuntu 16.04 LTS Ubuntu 14.04 LTS Summary Ghostscript could be made to crash, access files, or run programs if it opened a specially crafted file. Software Description ghostscript – PostScript and PDF interpreter Details Tavis Ormandy discovered that Ghostscript incorrectly handled certain PostScript files. If a user or automated system were tricked into processing a specially crafted file, a remote attacker could possibly use this issue to access arbitrary files, execute arbitrary code, or cause a denial of service. Update instructions The problem can be corrected by updating your system to the following package versions: Ubuntu 18.10 ghostscript – 9.26~dfsg+0-0ubuntu0.18.10.4 libgs9 – 9.26~dfsg+0-0ubuntu0.18.10.4 Ubuntu 18.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.18.04.4 libgs9 – 9.26~dfsg+0-0ubuntu0.18.04.4 Ubuntu 16.04 LTS ghostscript – 9.26~dfsg+0-0ubuntu0.16.04.4 libgs9 [ more… ]

USN-3707-2: NTP vulnerabilities ntp vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 12.04 ESM Summary Several security issues were fixed in NTP. Software Description ntp – Network Time Protocol daemon and utility programs Details USN-3707-1 and USN-3349-1 fixed several vulnerabilities in NTP. This update provides the corresponding update for Ubuntu 12.04 ESM. Original advisory details: Miroslav Lichvar discovered that NTP incorrectly handled certain spoofed addresses when performing rate limiting. A remote attacker could possibly use this issue to perform a denial of service. (CVE-2016-7426) Matthew Van Gundy discovered that NTP incorrectly handled certain crafted broadcast mode packets. A remote attacker could possibly use this issue to perform a denial of service. (CVE-2016-7427, CVE-2016-7428) Matthew Van Gundy discovered that NTP incorrectly handled certain control mode packets. A remote attacker could use this issue to set or [ more… ]